Hijack Log (Please review)

Hope this is the correct place to post..
Please review and reply with your opinion.

I have cleaned up, but I think there still might be a few left..

Logfile of HijackThis v1.97.7
Scan saved at 7:20:03 PM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cingular\VPN Client\cvpnd.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MailFrontier\mlfbuddy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Program Files\ATI Multimedia\main\ATIMMC.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\System32\SNDVOL32.EXE
C:\Program Files\RadioManager\DRSRadioStreamer.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lv\Desktop\CWShredder.exe
C:\WINDOWS\System32\notepad.exe
C:\downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.bscc.bls.com/proxy.pac
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\Program Files\MailFrontier\mlfbuddy.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://serge.bscc.bls.com/download/CfxIEAx.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4B824B7C-EDE2-4335-819E-98D88FFBCE13} (Cingular.DatePicker) - http://serge.bscc.bls.com/ActiveX/DatePicker/CingularDatePicker.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db4f36f281caa8bf06/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38004.3205324074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

 

Hi luvencl

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db4f3...ip/RdxIE601.cab
................................
Reboot your PC

Delete the following named in bold (if found, a prior cleaning step may have already removed them):

C:\Windows\System32\wsaupdater.exe

C:\WINDOWS\System32\toolbar.dll

Additionally, since you had the Isearch infection, it may have compromised your hosts file to block security sites. Please do a search on your PC for a file named: hosts (you want the one with no extension)

It is located in the folder listed for your Operating System:

Windows 95/98/ME c:\windows directory

Windows NT4/2000/XP/2003 c:\winnt\system32\drivers\etc directory.

Please open it up - you will need to chose a program to open it with (use Open with Notepad or Wordpad) and look at the entries inside. If you did not place them there yourself, please delete them (just the bad entries - not the the hosts file). Most *bad* entries begin with: O1 - Hosts: 127.0.0.* (where * can be any number) and then a name of a site

The list may look something like this:

If you are not sure what to do, please feel free to post your list in this thread and someone will be glad to assist you

You should then be able to access the sites that you were previously being blocked from.
.............................................................
There is also a program available to reset your Hosts file to the default used by Windows. Please note that this instruction will replace any entries in that file - so if you have added entries yourself to the Hosts file, you will need to add them back after resetting your Hosts file with this method.

Download Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Unzip, install the program and run it.
Press *Restore Original Hosts* and press OK*
Exit the program, and you should now be able to access the sites you need.
..............................
Ok! Now, please scan once more with HijackThis and post a fresh log please to see if anything else needs to be done

 

Thanks so much for all your great help!!
I have cleaned up..
The host file contains:

127.0.0.1 and.doxdesk.com
127.0.0.10 eblocs.com
127.0.0.11 enigmasoftwaregroup.com
127.0.0.12 forum.aumha.org
127.0.0.13 free-spyware-scan.com
127.0.0.14 free-web-browsers.com
127.0.0.16 grisoft.com
127.0.0.17 hackfaq.org
127.0.0.18 hazeleger.net
127.0.0.19 javacoolsoftware.com
127.0.0.100 www.spyware-cop.com
127.0.0.102 www.spywarenuker.com
127.0.0.103 www.spywareremove.com
127.0.0.104 www.spywareremove.com
127.0.0.105 www.stopzillapro.com
127.0.0.107 www.thiefware.com
127.0.0.109 www.unwantedlinks.com
127.0.0.110 www.webattack.com

Shall I delete all?
I notice that I am missing the local host entry?

 

Logfile of HijackThis v1.97.7
Scan saved at 5:06:53 AM, on 6/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cingular\VPN Client\cvpnd.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MailFrontier\mlfbuddy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\RadioManager\DRSRadioStreamer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.bscc.bls.com/proxy.pac
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\Program Files\MailFrontier\mlfbuddy.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Dialer (OnStartup).lnk = ?
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\tcp spy\tcpspylsp.dll
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://serge.bscc.bls.com/download/CfxIEAx.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4B824B7C-EDE2-4335-819E-98D88FFBCE13} (Cingular.DatePicker) - http://serge.bscc.bls.com/ActiveX/DatePicker/CingularDatePicker.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22db4f36f281caa8bf06/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38004.3205324074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

 

Those entries are blocking you from visiting security related sites, updating security programs, etc. so please do as CalamityJane advised.

Your last log looks OK although I'm not very fond of SpyHunter. Having it may give you a false sense of security.

Please read: Why did I get infected in the first place

Regards,

Pieter

 

You can use that step to fix your Hosts file back to the default used by Windows. It will get rid of the bad entries and restore the file as it should be.
....................................
And I agree with Pieter about SpyHunter (get rid of it)...Spybot and Adaware are much better and both are FREE. (Thanks for catching that, Pieter!)

Now that your PC is clean, you'll need to reset your restore points in Windows XP.....why? One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405
....................................
Lastly, please do follow the recommendations in Pieter's link for preventing future infections.

I also recommend this free tool from Microsoft to evaluate and tighten up your System and IE security.

Get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 1.2 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/tools/mbsahome.mspx